my freeradius-2.1.6 is not auth with PIN only.
I will be glad, if anyone can direct me to whare The log below is the part of the debug for the new test freeradius server 2.1.6 am testing with. However, the hotspotlogin,cgi is able to pass the param username to the radius but when the query is run against the database the "Tue Jun 9 14:59:48 2009 : Info: [sql] expand: %{User-Name} -> 0x32333435363738393031" the value of the username sent is changed. I have disabled the chap in the /usr/local/etc/raddb/sites-enabled/default. kindly advise on what to do. ################### my radcheck has the info below. mysql> select * from radcheck; +-----+------------+--------------------+----+------------+ | id | username | attribute | op | value | +-----+------------+--------------------+----+------------+ | 5 | 2345678901 | Auth-Type | := | Accept | | 201 | 1234567890 | Cleartext-Password | := | 1234567890 | +-----+------------+--------------------+----+------------+ 4 rows in set (0.00 sec) ######################radiusd -XX (part of the debug) rad_recv: Access-Request packet from host 127.0.0.1 port 44600, id=0, length=189 ChilliSpot-Max-Input-Octets = 0x32333435363738393031 ChilliSpot-Max-Output-Octets = 0 NAS-IP-Address = 127.0.0.1 Service-Type = Login-User Framed-IP-Address = 192.168.182.2 Calling-Station-Id = "00-1F-29-80-62-F3" Called-Station-Id = "00-50-DA-0C-C9-B0" NAS-Identifier = "nas01" Acct-Session-Id = "4a2e6a7700000000" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0xf2ee6add34820fb96dcceef08c07bbc5 WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff" Tue Jun 9 14:59:48 2009 : Info: +- entering group authorize {...} Tue Jun 9 14:59:48 2009 : Info: ++[preprocess] returns ok Tue Jun 9 14:59:48 2009 : Info: ++[mschap] returns noop Tue Jun 9 14:59:48 2009 : Info: [suffix] No '@' in User-Name = "2345678901", looking up realm NULL Tue Jun 9 14:59:48 2009 : Info: [suffix] No such realm "NULL" Tue Jun 9 14:59:48 2009 : Info: ++[suffix] returns noop Tue Jun 9 14:59:48 2009 : Info: [eap] No EAP-Message, not doing EAP Tue Jun 9 14:59:48 2009 : Info: ++[eap] returns noop Tue Jun 9 14:59:48 2009 : Info: ++[unix] returns notfound Tue Jun 9 14:59:48 2009 : Info: ++[files] returns noop Tue Jun 9 14:59:48 2009 : Info: [sql] expand: %{User-Name} -> 0x32333435363738393031 Tue Jun 9 14:59:48 2009 : Info: [sql] sql_set_user escaped user --> '0x32333435363738393031' Tue Jun 9 14:59:48 2009 : Debug: rlm_sql (sql): Reserving sql socket id: 4 Tue Jun 9 14:59:48 2009 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '0x32333435363738393031' ORDER BY id Tue Jun 9 14:59:48 2009 : Info: [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '0x32333435363738393031' ORDER BY priority Tue Jun 9 14:59:48 2009 : Debug: rlm_sql (sql): Released sql socket id: 4 Tue Jun 9 14:59:48 2009 : Info: [sql] User 0x32333435363738393031 not found Tue Jun 9 14:59:48 2009 : Info: ++[sql] returns notfound Tue Jun 9 14:59:48 2009 : Info: ++[expiration] returns noop Tue Jun 9 14:59:48 2009 : Info: ++[logintime] returns noop Tue Jun 9 14:59:48 2009 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. Tue Jun 9 14:59:48 2009 : Info: ++[pap] returns noop Tue Jun 9 14:59:48 2009 : Debug: rlm_sqlcounter: Entering module authorize code Tue Jun 9 14:59:48 2009 : Debug: rlm_sqlcounter: Could not find Check item value pair Tue Jun 9 14:59:48 2009 : Info: ++[validity] returns noop Tue Jun 9 14:59:48 2009 : Debug: rlm_sqlcounter: Entering module authorize code Tue Jun 9 14:59:48 2009 : Debug: rlm_sqlcounter: Could not find Check item value pair Tue Jun 9 14:59:48 2009 : Info: ++[noresetcounter] returns noop Tue Jun 9 14:59:48 2009 : Debug: rlm_sqlcounter: Entering module authorize code Tue Jun 9 14:59:48 2009 : Debug: rlm_sqlcounter: Could not find Check item value pair Tue Jun 9 14:59:48 2009 : Info: ++[hotspotcontrol] returns noop Tue Jun 9 14:59:48 2009 : Info: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Tue Jun 9 14:59:48 2009 : Info: Failed to authenticate the user. Tue Jun 9 14:59:48 2009 : Info: Using Post-Auth-Type Reject Tue Jun 9 14:59:48 2009 : Info: +- entering group REJECT {...} Tue Jun 9 14:59:48 2009 : Info: [attr_filter.access_reject] expand: %{User-Name} -> 0x32333435363738393031 Tue Jun 9 14:59:48 2009 : Debug: attr_filter: Matched entry DEFAULT at line 11 Tue Jun 9 14:59:48 2009 : Info: ++[attr_filter.access_reject] returns updated Tue Jun 9 14:59:48 2009 : Info: Delaying reject of request 0 for 1 seconds Tue Jun 9 14:59:48 2009 : Debug: Going to the next request Tue Jun 9 14:59:48 2009 : Debug: Waking up in 0.9 seconds. Tue Jun 9 14:59:49 2009 : Info: Sending delayed reject for request 0 Sending Access-Reject of id 0 to 127.0.0.1 port 44600 Tue Jun 9 14:59:49 2009 : Debug: Waking up in 4.9 seconds. Tue Jun 9 14:59:54 2009 : Info: Cleaning up request 0 ID 0 with timestamp +187 Tue Jun 9 14:59:54 2009 : Debug: Ready to process requests.
However, the hotspotlogin,cgi is able to pass the param username to the radius
Sort of.
rad_recv: Access-Request packet from host 127.0.0.1 port 44600, id=0, length=189 ChilliSpot-Max-Input-Octets = 0x32333435363738393031 ChilliSpot-Max-Output-Octets = 0 NAS-IP-Address = 127.0.0.1 Service-Type = Login-User Framed-IP-Address = 192.168.182.2 Calling-Station-Id = "00-1F-29-80-62-F3" Called-Station-Id = "00-50-DA-0C-C9-B0" NAS-Identifier = "nas01" Acct-Session-Id = "4a2e6a7700000000" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0xf2ee6add34820fb96dcceef08c07bbc5 WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
There is no User-Name in the packet.
but when the query is run against the database the "Tue Jun 9 14:59:48 2009 : Info: [sql] expand: %{User-Name} -> 0x32333435363738393031" the value of the username sent is changed.
Your dictionaries are badly broken. Whatever you have done - put it back. Chillispot dictionary is included by default in 2.1.6. Ivan Kalik Kalik Informatika ISP
Thanks Ivan, i have discovered that and i removed the chillispot dictionary that i included and after that i was able to do the authentication. however, it is now complaining about my check-item pair as not being okay. How will i create the check-item value pair? i have appended the "ATTRIBUTE Max-Secs-Passed 3000 integer" to my radius dictionary file, Thanks for your help. On Fri, Jun 12, 2009 at 10:36 AM, Ivan Kalik <tnt@kalik.net> wrote:
However, the hotspotlogin,cgi is able to pass the param username to the radius
Sort of.
rad_recv: Access-Request packet from host 127.0.0.1 port 44600, id=0, length=189 ChilliSpot-Max-Input-Octets = 0x32333435363738393031 ChilliSpot-Max-Output-Octets = 0 NAS-IP-Address = 127.0.0.1 Service-Type = Login-User Framed-IP-Address = 192.168.182.2 Calling-Station-Id = "00-1F-29-80-62-F3" Called-Station-Id = "00-50-DA-0C-C9-B0" NAS-Identifier = "nas01" Acct-Session-Id = "4a2e6a7700000000" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0xf2ee6add34820fb96dcceef08c07bbc5 WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
There is no User-Name in the packet.
but when the query is run against the database the "Tue Jun 9 14:59:48 2009 : Info: [sql] expand: %{User-Name} -> 0x32333435363738393031" the value of the username sent is changed.
Your dictionaries are badly broken. Whatever you have done - put it back. Chillispot dictionary is included by default in 2.1.6.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Goke M Aruna -
Ivan Kalik